Browse by Tags

Tagged Content List
  • Blog Post: The Security Log Haystack – Event Forwarding and You

    Hi. This is your guest writer Mark Renoden . I’m a Senior Premier Field Engineer based in Sydney, Australia and I’m going to talk to you about the use of Event Forwarding to collect security events. This is particularly useful when: You have specific events you’re looking for...
  • Blog Post: Friday Mail Sack: I Have No Idea What to Call This Edition

    Hiya folks, Ned here with a slightly late Mail Sack coming your way. Today we discuss reading event logs, PowerShell, FSMO, DFSR, DFSN, GCs, virtualization, RDC, LDAP queries, DPM, SYSVOL migration, and Netmon. Do it. LogParser and Win2008 R2 security event logs DFS virtualization support...
  • Blog Post: Advanced XML filtering in the Windows Event Viewer

    Hi guys, Joji Oshima here again. Today I want to talk about using Custom Views in the Windows Event Viewer to filter events more effectively. The standard GUI allows some basic filtering, but you have the ability to drill down further to get the most relevant data. Starting in Windows Vista/2008, you...
  • Blog Post: Friday Mail Sack: They Pull Me Back in Edition

    Hiya world, Ned is back with your best questions and comments. I’ve been off to teach this fall’s MCM , done Win8 stuff , and generally been slacking keeping busy; sorry for the delay in posting. That means a hefty backlog - get ready to slurp. Today we talk: Weirdness with NETDOM...
  • Blog Post: Friday Mail Sack: Beard-Seconds Edition

    Hiya folks, Ned here again. This week we talk: DC DNS A Records and Web Servers Forwarding Security event log subscriptions Domain password filters Auditing NTLM vs NTLMv2 on Win2003 Programmatically determining if UNC is DFS namespace DFSR and Excel Shared Workbooks DFS, DC,...
  • Blog Post: Friday Mail Sack: It’s a Dog’s Life Edition

    Hi folks, Ned here again with some possibly interesting, occasionally entertaining, and always unsolicited Friday mail sack. This week we talk some: DNS partition absence Controlling DCDIAG event messaging Inventorying SYSVOL replication architecture Weird WMI DFSR volume paths Tightening...
  • Blog Post: What does DCDIAG actually… do?

    Hi folks, Ned here again. I recently wrote a KB article about some expected DCDIAG.EXE behaviors . This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors...
  • Blog Post: Friday Mail Sack: No Redesign Edition

    Hello folks, Ned here again. Today we talk PDCs, DFSN, DFSR, AGPM, authentication, PowerShell, Kerberos, event logs, and other random goo. Let’s get to it. PDCE and user auth DFSR full mesh recommendations Access Denied when delegating Kerberos Clearing Event Logs en mass Where...